Major infrastructure and smart city projects are underway across the APAC region, and cybersecurity will play a foundational role in the success of these projects.
From Indonesia’s plans to move its capital city from Jakarta to the Nusantara smart city, to Singapore’s bold ambitions with Tuas Port and Changi Airport – set to be the largest automated seaport and airport respectively – we must expect cybersecurity to play a key and fundamental role in the success of these projects.
That’s because smart cities and modern infrastructure will see the convergence of IT and OT systems, with AI-based and automated digital infrastructure and connectivity critical for operational continuity. Quantum computing may also come to play a major role as more AI, data and computing power are leveraged to manage them.
CybersecAsia spoke to Leonardo Hutabarat, Head of Solutions Engineering, Asia Pacific and Japan (APJ), LogRhythm, about all aspects of securing critical infrastructure in the region.
Considering the wide gap in security between IT and OT systems, and the convergence of IT and OT networks, what are the key considerations in protecting critical infrastructure today?
Leonardo Hutabarat (LH): It is important to note that connected OT systems are a relatively new development, unlike IT systems. While many operators understand the need to beef up security efforts for OT systems, the maturity gap between IT and OT systems has made implementation a challenge.
Firstly, many OT systems depend on legacy architecture, which might not natively support modern security and authentication protocols. OT systems often rely on proprietary protocols and require remote access connections for maintenance, making it difficult to gain full visibility of the network due to their decentralised nature. Moreover, the need to keep industrial systems continuously running adds an additional layer of complexity, as any downtime or system restart as a result of a standard patching exercise can have detrimental effects.
The key lies in consolidating the management of both OT and IT systems. We simply cannot ignore the growing cyber threats facing critical infrastructure as more OT systems come online. To protect critical infrastructure, organizations should consider structuring IT and OT departments together, for ease of collaboration and management of the newly merged technology.
At the same time, they should implement cybersecurity solutions that provide real-time threat monitoring, detection, and response, across both IT and OT environments to serve as the first line of defense for critical infrastructure. It is key to ensure visibility and understanding of OT infrastructure and OT protocols.
Expanding visibility and understanding of OT assets through log collection, log correlation, OT network traffic monitoring, OT use case creation and, finally, automation can provide protection for the OT infrastructure and ensure holistic visibility across IT and OT infrastructure.
For example, Security Information and Event Management (SIEM) tools can aid in endpoint mapping and threat detection within the IT and OT environment, helping to streamline incident response processes when the need arises.
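The pipeline described in the answer above (collect IT and OT logs, correlate them, turn the result into an OT use case) can be illustrated in code. The following is an added example, not code from the interview or from LogRhythm: a small correlation routine that ingests constructed IT remote-access events and constructed Modbus events from a passive OT sensor, checks each PLC write against an asset inventory, and links writes from an engineering workstation back to the remote session (and user) that preceded them. The log format, asset inventory, IP addresses, user name and 15-minute window are all assumptions made for the illustration.

```python
"""IT/OT log correlation use case in the style of a SIEM rule.

Added example, not from the interview or from any vendor product. The asset
inventory, log lines and thresholds below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed asset inventory: the SIEM needs to know which hosts are allowed
# to write to controllers. Anything else writing to a PLC is suspicious.
ASSETS = {
    "10.1.5.20": {"zone": "OT", "role": "engineering_workstation"},
    "10.1.5.30": {"zone": "OT", "role": "hmi"},
    "10.1.5.100": {"zone": "OT", "role": "plc"},
    "10.0.2.15": {"zone": "IT", "role": "user_laptop"},
}
APPROVED_WRITERS = {"engineering_workstation", "hmi"}
MODBUS_WRITE_CODES = {5, 6, 15, 16}  # write coil(s) / write register(s)
WINDOW = timedelta(minutes=15)       # how long a remote session "taints" a host

# Constructed IT logs (VPN gateway and OT jump host) and OT logs (passive
# Modbus sensor). Both are key=value after an ISO timestamp and a source name.
IT_LOG = [
    "2024-03-01T08:00:10Z vpn-gw user=jdoe src=203.0.113.7 assigned=10.0.2.15 action=login",
    "2024-03-01T08:02:44Z jump-ot user=jdoe src=10.0.2.15 dst=10.1.5.20 proto=rdp action=connect",
]
OT_LOG = [
    "2024-03-01T08:03:01Z ot-sensor proto=modbus src=10.1.5.20 dst=10.1.5.100 func=3 unit=1",
    "2024-03-01T08:04:12Z ot-sensor proto=modbus src=10.1.5.20 dst=10.1.5.100 func=16 unit=1 addr=40001",
    "2024-03-01T09:30:00Z ot-sensor proto=modbus src=10.1.5.30 dst=10.1.5.100 func=6 unit=1 addr=40010",
    "2024-03-01T10:00:00Z ot-sensor proto=modbus src=10.0.2.15 dst=10.1.5.100 func=6 unit=1 addr=40001",
]

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    ts: datetime
    source: str
    fields: dict


def parse(line: str) -> Event:
    """Normalise one log line into a timestamped field dictionary."""
    ts_s, source, rest = line.split(" ", 2)
    ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, source, dict(KV.findall(rest)))


def correlate(it_lines, ot_lines):
    """Run two OT use cases over the merged, time-ordered IT and OT events.

    1. plc_write_from_unapproved_host: a Modbus write from a host whose
       inventory role is not allowed to program controllers.
    2. plc_write_during_remote_session: a write from an approved workstation
       within WINDOW of a remote (RDP) session to that workstation, enriched
       with the user and origin host taken from the IT logs.
    """
    events = sorted((parse(l) for l in it_lines + ot_lines), key=lambda e: e.ts)
    remote_sessions = []  # (ts, user, origin_ip, ot_target_ip)
    alerts = []
    for e in events:
        f = e.fields
        if f.get("proto") == "rdp" and f.get("action") == "connect":
            remote_sessions.append((e.ts, f["user"], f["src"], f["dst"]))
            continue
        if f.get("proto") != "modbus" or int(f["func"]) not in MODBUS_WRITE_CODES:
            continue  # reads and non-Modbus traffic are not in scope here
        src, dst, func = f["src"], f["dst"], int(f["func"])
        role = ASSETS.get(src, {}).get("role", "unknown")
        if role not in APPROVED_WRITERS:
            alerts.append({"rule": "plc_write_from_unapproved_host", "ts": e.ts,
                           "src": src, "dst": dst, "role": role, "func": func})
            continue
        for ts, user, origin, target in remote_sessions:
            if target == src and timedelta(0) <= e.ts - ts <= WINDOW:
                alerts.append({"rule": "plc_write_during_remote_session", "ts": e.ts,
                               "src": src, "dst": dst, "user": user,
                               "origin": origin, "func": func})
                break
    return alerts


if __name__ == "__main__":
    for a in correlate(IT_LOG, OT_LOG):
        print(a)
```

Neither rule needs an agent on the PLC: the OT side is covered by passive protocol monitoring, and the IT side by logs the SIEM already collects. The second rule is the cross-domain part; on its own the OT sensor only sees a write from an approved workstation, and only the jump-host log tells the analyst which person was driving it.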
Please share some examples of how bad actors could attack or breach critical infrastructure in unconventional ways.
LH: Bad actors are now adopting more sophisticated attacks to gain access to critical infrastructure, from power generation to water supply, in unexpected ways.
The advent of connected infrastructure in the past decade has become a double-edged sword. While these systems drive efficiency, they have given nefarious players the ability to turn cyber attacks into kinetic attacks in unprecedented ways. A compromise of any critical infrastructure component can have reverberating effects across the network and supply chain, disrupting overall operations.
Take, for instance, the 2016 Ukraine electric power attack. A destructive threat group, Sandworm, used malware to disrupt distribution substations within the Ukrainian power grid. This resulted in around 230,000 Ukrainian residents suffering a power outage of up to 6 hours when almost 60 substations went offline. The attack was highly strategic, beginning with a phishing campaign targeted at IT professionals of various electricity distributors in Ukraine, which served as an entry point for the attack. Once a recipient opened the email, it launched the supply chain attack, crashing the Programmable Logic Controller and Human-Machine Interface systems. According to Reuters, similar malware was found in the networks of at least two other utilities later on.
Another example would be the cyberattack on Portugal’s Águas e Energia do Porto water utility in February this year. The LockBit ransomware group demanded a ransom and threatened to leak the company’s stolen data if it failed to pay. Given that water utility companies typically hold comprehensive data on their customers as well as confidential business information, they are an attractive target for threat actors, who are more inclined to make higher ransom demands.